NSA code backported, crims cuffed, leaky AWS S3 buckets, and more

But it's not all good news!

Roundup Here's a roundup of this week's security news, beyond what we've already covered, to kickstart your weekend.

You dirty RAT

Scumbags could, once upon a time, buy a remote access trojan called Luminosity Link for about $40, and get a piece of malware that, when installed on victims' PCs, would spy on their activities, disable security software, and install further malicious code. It's the sort of stuff miscreants purchase to snoop on their partners, spouses, employees, rivals, and so on. But now that's over, for Luminosity Link at least, because Brit cops have shut down the software's distribution, and are hunting for those who bought it.

“The sale and deployment of this hacking tool were uncovered following a single arrest and the subsequent forensic examination of the computer,” said Detective Inspector Ed Heath, head of the UK's South West Regional Cyber Crime Unit. “More than a year’s complex work with international policing partners led us to identify a large number of offenders.”

Infraud 'kingpin' nabbed

There was more good news in international cooperation this week with the takedown of the Infraud Organization, a group accused of selling and exploiting stolen data online. Thirteen people were cuffed and 36 indicted after an international police operation.

According to the cops, the alleged kingpin of the operation, whose motto was "In fraud we trust," was Sergey Medvedev, 31, a Russian national who was nabbed during a holiday in Thailand. Police seized a lot of electronic gear and shortly afterwards took control of the crime gang's forum.

We've seen cops and government agents use this tactic – snaring people on vacation – before against Russian operators. Basically, there aren't a lot of nice getaway destinations in Russia during winter, and if nationals head to a country that has the right extradition treaties, they're going to get cuffed.

Two steps forward, several steps back

OK, so the police had some luck, but there's still a lot of nasty stuff out there.

Chinese researchers have spotted an Android worm in circulation in Asia and now spreading fast around the world. The ADB.Miner, it is believed, is being spread by third-party app stores, thanks to code borrowed from the Mirai botnet.

It appears that the main purpose of the malware is to rev up the infected phone's processor cores so that it can mine digital currency. As such, the worm will need to spread fast to be effective – most handsets don’t have the hardware grunt (or battery life) to be serious coinage creators.

Eternal romance in time for Valentine's Day

We're likely going to be seeing more malware infections coming down the line using the NSA's leaked exploit code that attacks Windows network shares. Earlier this week, a security researcher showed it was possible to adapt the exploit code to attack older versions of Windows that were previously spared by the cyber-weapons.

Sean Dillon, a researcher at security shop RiskSense, found a way to port the EternalChampion, EternalRomance, and EternalSynergy exploits – developed by the NSA and then leaked online by the Shadow Brokers – to Microsoft operating systems going all the way back to Windows 2000.

If you have applied the MS17-010 patch from Microsoft, you should be safe from these SMB-based attacks.

It was an interesting piece of research, done to make it easier for other researchers to find new ways to block the code. But it's likely that the malware community is also taking note and so we'll see a lot more hacks using these exploits in the future.

The Shadow Brokers are thought to be a Russian front organization, and there was more news about what Putin and his pals have allegedly been up to this week. Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, said that the Russians had actually got into voter roll computers before the 2016 election.

"We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated," she said.

That's good news in a way, but as we have seen it's astonishingly easy to hack America's pathetically insecure voting system. Much more work is going to be needed to fix these issues and there's another election round this year.

Buckets, buckets everywhere!

Chris Vickery and the Upguard team have had a busy week, exposing not one but two cases where companies are storing material online in Amazon S3 buckets without proper safeguards.

On Monday, he outed Octoly, a Paris-based brand marketing company that chucks freebie goodies at social media influencers in exchange for getting positive press coverage. Unfortunately, the agency left the contact details for 12,000 of these hipsters-for-hire online for all to see.

(For the record, it should be pointed out that we at El Reg never provide positive coverage in exchange for freebies. We'll happily let a PR buy us a drink or six, or a slap-up steak meal, or a trip to Hawaii, but that's not reflected in our copy.)

On Wednesday, Upguard was at it again, this time reporting on the Maryland Joint Insurance Association in the US. On this occasion, it wasn't an Amazon cloud account issue, just a misconfigured network-attached internet-facing storage device that provided easy access to anyone who found it online.

The device contained customer names, addresses, phone numbers, birth dates, and full Social Security numbers, as well as financial data such as check images, full bank account numbers, and insurance policy numbers. For added fun, the company's admin passwords were also on display.

Upguard has made finding unsecured storage archives and advising companies on how to be more secure into a nice little business. If you don't want to be shown to be a doofus then for goodness' sake lock down your archives – we're getting peeved at having to cover these kinds of cockups. ®
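The Octoly leak is the classic S3 failure: a bucket ACL or bucket policy that grants read access to everyone. As an added example (not code from UpGuard, Octoly or Amazon), here is a small audit that walks the two places such a grant can hide. It takes the bucket ACL and policy in the same dictionary/JSON-string shapes that the boto3 calls get_bucket_acl and get_bucket_policy return, but does not call AWS itself; the bucket names and sample documents are constructed for the demonstration.

```python
"""Audit S3 bucket ACL grants and a bucket policy for public access.

Added example: the sample ACLs and policies below are constructed, and the
bucket names are placeholders. Only the canonical AWS group URIs and the
document shapes (matching boto3's get_bucket_acl / get_bucket_policy) are real.
"""
import json

# The two predefined groups that make an ACL grant "public".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",           # anyone on the internet
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers", # any AWS account, not just yours
}


def acl_public_grants(acl):
    """Return (group, permission) pairs granted to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append((group, grant.get("Permission")))
    return findings


def _principal_is_wildcard(principal):
    """True for Principal "*" or Principal {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_public_statements(policy):
    """Return the Sids of Allow statements open to any principal with no Condition."""
    public = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # A wildcard principal narrowed by a condition (source VPC endpoint,
            # source IP, etc.) is not automatically public; flag it for manual review instead.
            continue
        public.append(stmt.get("Sid", "<no Sid>"))
    return public


def audit_bucket(name, acl, policy_json=None):
    """Combine both checks into one verdict for a bucket."""
    grants = acl_public_grants(acl)
    stmts = policy_public_statements(json.loads(policy_json)) if policy_json else []
    return {
        "bucket": name,
        "acl_public": grants,
        "policy_public": stmts,
        "is_public": bool(grants or stmts),
    }


# --- constructed sample documents -------------------------------------------
OWNER = {"ID": "constructed-canonical-owner-id"}

LEAKY_ACL = {
    "Owner": OWNER,
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
LEAKY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}],
})

SAFE_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": OWNER["ID"]}, "Permission": "FULL_CONTROL"}]}
SAFE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*",
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
                   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-placeholder"}}}],
})

if __name__ == "__main__":
    for verdict in (audit_bucket("example-leaky", LEAKY_ACL, LEAKY_POLICY),
                    audit_bucket("example-locked", SAFE_ACL, SAFE_POLICY)):
        print(json.dumps(verdict))
```

In a real account the same functions are fed by get_bucket_acl and get_bucket_policy for each bucket from list_buckets; the policy check deliberately skips conditioned wildcard statements rather than treating them as safe, because deciding whether a condition really fences off the public is a manual job. The Maryland case above is a reminder that a check like this only covers one storage type: an internet-facing NAS needs the same scrutiny, just with different tooling.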
